Interesting approach. I like Docker/Kubernetes way of secret mounts where you can limit user/group permissions too.

Meanwhile, I was an avid user of the echo secret | ssh consume approach, specifically for the kerberos authentication.

In my workflow, I saved the kerberos password to the macOS keychain, where kinit --use-keychain authenticated me seamlessly. However this wasn't the case for remote machines.

Therefore, I have implemented a quick script that is essentially

    security find-generic-password -a "kerberos" -s "kerberos-password" -w | ssh user@host kinit user@REALM

Which served me really good for the last 4~years.